As the Azure AD Team says, “Conditional access is one of the fastest growing services in EMS and we are constantly getting feedback from customers about new capabilities they would like us to add to it. One of the most frequently requested is support for macOS. Customers want to have one consistent system for securing user access to Office 365 on all the platforms their employees are using.”
If you want to refresh your knowledge and memory about what EMS is, just do a search in this blog and you’ll find some additional information.
As of a few days ago, Azure Active Directory and Intune support the macOS platform for device-based conditional access, allowing you to restrict access to Intune-managed macOS devices according to your organization’s security guidelines.
In practice, we can now enroll and manage macOS devices using Intune, make them follow your organization’s compliance policies, and restrict access to applications in Azure AD to only compliant macOS devices.
Let’s see what you need to do.
1. Configure compliance requirements for macOS devices in Intune
Use the Intune service in Azure Portal to create a device compliance policy for macOS devices in a few clicks:
Select Device compliance –> Policies:
Then, click the + sign to create a new policy:
Explore the various settings. As you can see, you can configure security settings, device health settings and device property settings, such as the minimum and the maximum OS version.
2. Restrict access to Azure AD applications for macOS devices
You can create a targeted conditional access policy for macOS to protect Azure AD applications. Go to Conditional access under the Azure AD service in the Azure portal to create a new policy for the macOS platform:
A few more things that you need to remember:
In the public preview, the following OS versions, applications, and browsers are supported on macOS:
- macOS 10.11+
The following Office 2016 for macOS applications are supported:
- Outlook v15.34 and later
- Word v15.34 and later
- Excel v15.34 and later
- PowerPoint v15.34 and later
- OneNote v15.34 and later
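Before switching the policy on, it helps to know which Macs fall outside this support list. The script below is an added example, not part of the original post or of any Microsoft tooling: it checks a constructed inventory (the device names and the `os`/`apps` fields are hypothetical) against the minimums listed above, comparing versions numerically so that 10.9 sorts below 10.11.

```python
# Added example: pre-rollout check against the preview support list above.
import re

MIN_MACOS = (10, 11)    # macOS 10.11+
MIN_OFFICE = (15, 34)   # Office 2016 for macOS apps, v15.34 and later
SUPPORTED_APPS = {"Outlook", "Word", "Excel", "PowerPoint", "OneNote"}


def parse_version(text):
    """Turn '10.11.6' or 'v15.34' into a tuple of ints; None if malformed."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def at_least(version, minimum):
    """Numeric compare, so 10.9 < 10.11 (a plain string compare gets this wrong)."""
    if version is None:
        return False
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(minimum)


def audit_device(device):
    """Return the reasons this Mac falls outside the preview support list."""
    problems = []
    if not at_least(parse_version(device["os"]), MIN_MACOS):
        problems.append(f"macOS {device['os']} does not meet 10.11+")
    for app, ver in device["apps"].items():
        if app not in SUPPORTED_APPS:
            problems.append(f"{app} is not on the supported list")
        elif not at_least(parse_version(ver), MIN_OFFICE):
            problems.append(f"{app} {ver} does not meet v15.34 or later")
    return problems


# Constructed sample inventory (hypothetical device names and field layout).
INVENTORY = [
    {"name": "mac-01", "os": "10.12.6", "apps": {"Outlook": "15.36", "Word": "15.34.0"}},
    {"name": "mac-02", "os": "10.9.5", "apps": {"Excel": "15.40"}},
    {"name": "mac-03", "os": "10.11", "apps": {"Outlook": "15.4", "Skype": "7.0"}},
]


def audit_inventory(inventory):
    """Map device name -> problems, listing only devices that have any."""
    return {d["name"]: audit_device(d) for d in inventory if audit_device(d)}


if __name__ == "__main__":
    for name, problems in audit_inventory(INVENTORY).items():
        print(name, "->", "; ".join(problems))
```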
Thanks for your time!